iPhone Photo Security

If you have an iPhone running iOS 9, you should be aware that it may be possible to access your photos and contacts on a locked device, even with a passcode and/or Touch ID enabled. I’ve always ignored reports on this sort of security flaw, because they always seem to pop up with every iOS iteration, and almost always require a user to jump through what seems like a million hoops.

But for some reason—call it boredom, or call it poor judgement—I got curious, and decided to try this out for myself. As it turns out, it’s not that hard to do, and it certainly seems like a security flaw in iOS to me.

I debated on whether to post this, because obviously it’s going to bring attention to a security flaw that might let people access information that they shouldn’t be accessing.

For starters, please don’t get bent out of shape over this. This does not expose any other contents of your iPhone outside of Contacts and Photos. People still can’t unlock your device, read your messages, watch videos, etc. This only allows users to view your contacts, and look at your photos (not videos) through a limited interface. Photos cannot be forwarded or shared from your iPhone.

My hope is that a). this informs users that a passcode or Touch ID security isn’t necessarily enough to keep unwanted eyes off your photos and contacts, and b). Apple will see this and provide a fix. c). show you how to prevent the issue.

The thing is, this information is already out there, and the people who will use it for the bad probably already know about it. Consider this post an attempt to educate those who do not know about this iOS 9 security hiccup. Hopefully, it’ll allow users to make smarter decisions about their iPhone’s security.

Here’s how the security flaw works

Step 1: Enter four different incorrect passcode (iOS 9 temp-locks you out after the fifth incorrect passcode entry).

Step 2: Enter 3 digits towards an incorrect fifth passcode, and press and hold the Home button to invoke Siri followed immediately by the 4th digit.

Step 3: The iPhone will be temp-locked for a minute, but not before Siri is invoked.

Step 4: Ask Siri what time it is.

Step 5: Tap the Clock icon to open the Clock app.

Step 6: Tap the + icon in the upper right-hand corner.

Step 7: Type something erroneous in the Choose a City field.

Step 8: Tap in the field to invoke the copy & paste menu, and tap Select All → Share…

Step 9: Tap the Message app icon in the Share Sheet.

Step 10: Type something erroneous in the To field and tap Return.

Step 11: Tap two times on the erroneous contact name in the To field to open the Info page.

Step 12: Tap Create New Contact.

Step 13: Tap Add Photo.

Step 14: Tap Choose Photo.

Step 15: You will now see all of the photos and albums on the device, which is still locked. You can now browse and view each photo individually.

Note: If you’d prefer to see Contacts, tap Add to Existing Contact in Step 12 instead of Create New Contact.

And that’s pretty much it. Watch the video above to see how it’s done. It only takes about a minute.

Again, my hope is to inform users of this flaw. It’s already out there in the wild anyway, but hopefully Apple will see that this is a legitimate security issue, and fix it accordingly.

Before anyone gets up in arms about this, remember that operating systems are inordinately complex. Every system has flaws, there are no exceptions to this, hence the need for security updates. Even rock solid systems that have been around for eons have flaws and occasional security-related patches.

It is possible to prevent this issue by disabling Siri access while your iPhone is locked. If you’re at all concerned about this, I recommend taking this measure until Apple patches this flaw. To disable Siri access from the Lock screen go to Settings → Touch ID & Passcode and turn off the Siri switch under the Allow Access When Locked heading.

Disable Siri Locked iPhone

The best thing to do is not to panic, and instead be aware of what may be possible. Keep your iPhone within eyesight, or turn off Siri access from the Lock screen, and wait for Apple to issue a fix.

  • RayRayBeav

    Once I get into the clock, i just press the home button and it takes me to my home screen. My phone is unlocked 🙁

    • Chris

      Sounds like you have Touch ID enabled, as explained, this would typically only work with a passcode only.

      • Yeah, use a non-Touch ID-enable finger.

      • RayRayBeav

        Ha, thanks Chris & Jeff!! Silly me, I should have realized that lol. Damn you Touch ID! lol

      • Neel Parikh

        hey jeff : does iPhone 5s works as good as jb 8.4 on iOS 9?WHAT’S YOUR THOUGHTs, SOUND BELOW IN THE COMMENT !!!THIS IS NEEL FROM ………( i love your style )

  • Chris

    Compared to previous versions, this by far is the most complex and I personally can’t see it being used as you more commonly see people upset because they leave their iPhone for example unlocked on a table somewhere.

    • RayRayBeav

      I agree, I don’t see many people doing this. I never would have thought about it before reading it here on iDB. I always lock my iPhone when it’s not in my hand.

  • Merman123

    How the hell do people figure these out lol

    • blu

      That is what I have always wondered also. I mean do people just sit around all day doing crap to their phone, and even then, why would you even come across these steps?

      • Its called a checklist. Apple is one of the few companies who extensively use checklists to ensure crap like this doesnt happen.

      • Your Mother

        Yet it does happen, repeatedly.

    • Legendary98

      Jealous girlfriends at 4 am trying to hack your phone while sleeping is how this happens.

  • coLin

    what if you have Siri disabled for lockscreen?

    • Then it won’t work. That’s what you should do if you’re worried about it.

      • coLin

        I’m on 8.3 still. Too lazy to update to 8.4
        I guess I’ll catch the next train

  • besrate hogsa

    I have never used a password n my iPhone 6 plus
    Only during reboot
    It is a security flaw or a minor bug

  • Barry Becker

    I’m on 9.1b1 and this is still easily performed. Turning off Siri only fixes half the problem. The camera roll is still wide open.

  • Tylor Jackson

    It’s look like passcode bypass iOS 9 and iOS 9.1 beta passcode bypass too? :o..

  • Andrieux Querido

    I Use Asphaleia2 and lock the Photos on my touch ID. I guess this is the best solution.

  • Felipe Queiroz Drumond

    If Apple created new bugs in a stock iOS9 app, I’m sure Apple has also created new ways for jailbreaking!

  • Josh1991

    YouTube app is updated

    • Thanks, this will definitely patch this flaw.

      • Josh1991

        Lmao I was just throwing that out there

  • Ed

    Can this still be done with a 6 digit passcode?

  • Anonomous.TECH.man

    I really want to know how people find this stuff.

    • ProSzakal Aszakal

      I think they have nothing better to do… 😉

  • Alberto Espinal

    One question Jeff? Is your pointer finger registered in your TouchID?

  • Sean

    Maybe I’ll try again tomorrow, but when I just tried it on my iPhone 5S on iOS 9.0 it asked for the passcode again after step 9. Maybe I did something wrong?

  • Jailbrkr21

    I always turn siri off on lock screen. I don’t know what the point of having it on would be.

  • Jason

    how does someone find the correct unique steps like this? and why? i mean the odds are improbable to say the least.

  • Shashank Samudralwar

    Does it work with iOS 9.1 Public Beta?

  • Preetham D’souza

    After Step 9: Tap the Message app icon in the Share Sheet. The passcode screen is showing to me. i.e. to open Message app i need to login

    • plattform

      Same for me. I’m on iOS 9, repeated the steps over and over exactly as above and got a passcode login when I try to go to the Message app.

  • BooBee

    I never have Siri accessible from lock screen so I’m good.

  •  Liam 

    Hey Jeff, just to let you know that this method DOESN’T work on the 9.1 beta so it seems Apple have already corrected the issue 🙂

  • James

    that’s awfully specific.

  • KStckl

    I’m on 9.1 and it is not working. I worked me through the list and after step 8 my iPhone asked me for the code

  • John Sira

    The phone won’t allow “Search web” while locked (around 1:25) in the video. Running 8.4.

  • Great opportunity for every one…… show you a fantastic ways to earn 375 dollars per day by finishing basic tasks from your house for few short hours a day — See more info by visiting >MY_DISQUS_ profil e

  • …when you invoke SIRI…(step 4) you unlock phone with your fingerprint… try again with ad unregistered finger…

  • Hi

    Can you do this if you have a fix digit pass code?

  • Karthik Mitta

    Guys, Is this issue fixed in iOS 9.2.1. Because I am able to reproduce the issue still…?????